Merge pull request #1924 from a1flecke/maven-classifier

    Bug Fixes: Maven Classifier, SemVer

.rubocop.yml

@@ -11,12 +11,30 @@ AllCops:
 Layout/DotPosition:
   EnforcedStyle: trailing
 
+Layout/EmptyLinesAroundAttributeAccessor:
+  Enabled: false   
+
 Layout/LineLength:
   Max: 80
 
 Layout/RescueEnsureAlignment:
   Enabled: false
 
+Layout/SpaceAroundMethodCallOperator:
+  Enabled: false  
+
+Lint/DeprecatedOpenSSLConstant:
+  Enabled: false
+
+Lint/MixedRegexpCaptureTypes:
+  Enabled: false
+
+Lint/RaiseException:
+  Enabled: false
+
+Lint/StructNewOverride:
+  Enabled: false
+
 Metrics/ClassLength:
   Max: 350
 
@@ -54,9 +72,30 @@ Style/SignalException:
 Style/Documentation:
   Enabled: false
 
+Style/HashEachMethods:
+  Enabled: false  
+
+Style/HashTransformKeys:
+  Enabled: false
+
+Style/HashTransformValues:
+  Enabled: false
+
 Style/PercentLiteralDelimiters:
   PreferredDelimiters:
     '%i': ()
     '%I': ()
     '%w': ()
     '%W': ()
+
+Style/ExponentialNotation:
+  Enabled: false
+
+Style/RedundantRegexpCharacterClass:
+  Enabled: false
+
+Style/RedundantRegexpEscape:
+  Enabled: false
+
+Style/SlicingWithRange:
+  Enabled: false

bundler/spec/fixtures/ruby/rubygems_responses/info-backports

@@ -0,0 +1,128 @@
+---
+1.3.1 |checksum:4fe510307fb4ab36df02390a28ea59044310732db3e486e7043e67027f5e0f26
+1.5.0 |checksum:3257497ef87811ea9fad8eb2aea00ac4617b2220255a45d0ebf25530cf4cfa86
+1.6.0 |checksum:745c4cd1b2be06fa608bd9e5a19e1b5ba20d20b2dc888918bf44e2e4315a59cf
+1.6.1 |checksum:f5ebd078333eadfdc01e5889d7a60c33b1a941275f1856f172c522e569c8f5c3
+1.6.3 |checksum:738e951ea02e853454086f29c7cbd6510f8dd62ba20f4f2675e7b669d0ab89bb
+1.6.4 |checksum:530a9e4a6d17ff823b88d6f266efd2347650edee01b0998d66eed8395d4c9976
+1.6.6 |checksum:0cc62ee6c45643620d53dfd23757e1f0d4122dbd9b6e77128980a93459876f5b
+1.6.7 |checksum:8ed9b0d4911845a9886863ace51fdcc19194ced3392513c45ab03eea0610a216
+1.6.8 |checksum:e73ba2510839cc0e14b5c0ce353b5d14fc6ea1dc178f69ec6e3d0e5780d1a81a
+1.7.0 |checksum:2ad7aba2e150a039c93fe7fb1121fea0f8e14a635a239aea8354af6c32317787
+1.0.0 |checksum:f015fc21f12a4a5a7b4206b97b1a4f38abe01432b7b3afb08bd069485eb6da01
+1.1.0 |checksum:5fce35799de051d09424d42a40468d1d8645276994b5cf19214196d005d4d3e8
+1.1.1 |checksum:af595084aded9904fb879f612f136e03ac00d9ce23a24b85cf485e905a61d276
+1.2.0 |checksum:a269b9440e49cb161cf8ee32aed4eec1c86b65969edebf0ebad8adad3a152d77
+1.3.0 |checksum:29c4472f84407d7718e8e110d04de9570072d2df734126a19d62e2e17b66703a
+1.7.1 |checksum:a8cd3950f7caf8fddb163e055e59d070ef2841d1d8fdfea30b536c76d96568a7
+1.8.0 |checksum:e9e8cc4c06b907b9323ddade4eecb31420ab03f334999c8b1a5505f2f10f75c5
+1.8.1 |checksum:d179f619bb670f31edca5d6f9778a9eb4107dd76a08c82c31267ec2940712e4c
+1.8.2 |checksum:d5612d021b6856d542a681a7956a6e1e255dfcdbdaea0552541e90da97405a6e
+1.8.3 |checksum:9dbba63d7936450a203c772e6aa348cda611de6390bc7ac738d9bbc5712543c5
+1.8.4 |checksum:a0e47307d567cba59ee0f61fae5786582c8241d3a9cdf1ea111268685aaf8ac4
+1.9.0 |checksum:7501285d471a074ec14134496f9f0628656425b4c7f71dcfe9d35d39cfc2bb2c
+1.10.0 |checksum:1bb5be092f5befdc1be7e9665e0ef13b11007468d254a581da9c43f66fcee16d
+1.10.1 |checksum:8e017dc658fe6fcacf512ccde0ed0a1866cd72f10e14a6c7fdde2ad7e6d691bf
+1.10.2 |checksum:8057e68b5c441db0148633650d41e796147be9ce1d197565e600502841035184
+1.10.3 |checksum:48b6e25b6414fcbaae1de54ca91e2f2a9dc9caceeb76b5677b8001284f16fd4c
+1.11.0 |checksum:aa530f5dc3745fc166e05ffc51f1f937336516f2c3ee46875c8daddb69e2ed77
+1.11.1 |checksum:9472b8a7d634cc2148963079abdc6a13849c4a147f7689b0c5ba0bab94ec873d
+1.11.2 |checksum:1a1225f392bbffac4aa299cee080f9ac855b6826589c548efe44b121ed741321
+1.12.0 |checksum:e34e257f20eb94f2c8f954cc6b62929c72a82915349a66a7f6564c649ca65d99
+1.12.1 |checksum:8317823b9f7652e29053f1435dd2c5a88a5ac67338be5d8d5c8e6130fc406261
+1.12.2 |checksum:549dd0bc6fcf62708d9f488a9ca8f628475dd91c91cad12df8e5a212cdf264a1
+1.12.3 |checksum:0d9389abcde7e2b029272dba0cdc28df95602762d65d956c6319e9f987af5cde
+1.13.0 |checksum:d8aa5f07b857a7fdb91a0693f55e69c48862f762562bebf91605d1b6930a63ca
+1.13.1 |checksum:ab831ed8a743addf2d3c183629428d17c1edfcffc1711344ec41f3378b34c93e
+1.13.2 |checksum:f50b90cee4bdbaa5037647f7875ca9c73ce8d635608c5cf0a8ee71f5becb46a9
+1.13.3 |checksum:1a6f9c906a63cfc8c8502f8bc8fba616297a4c5cfa3ca81156272d5a91be2bc9
+1.14.0 |checksum:63acdd7b06efe2a72abc54b2314f213e769c908af6a8d374fdfe3db2dcffd506
+1.14.1 |checksum:e22e67ee5d2636b8f6ed8fc53ec08add4fe4cb7dc9bdf0d650248affc68f72fd
+1.15.0 |checksum:17c2b36495a6639e630fe146864cfdafc2b8a3a7dd2bed1a8c7e65a698a63916
+1.16.1 |checksum:9f5105d5bfb88bba6f222e80564e6956059e95b9f16c19ec08d41a1e386311d0
+1.16.2 |checksum:12695e9ab1d2b13d3d8abc028d33e488d61d8689d675b362844fbb944b51df7b
+1.16.3 |checksum:c5040dd70f0f44f8da7943004e87383703f69c142f9e8734660ea5f3dec1ceeb
+1.16.4 |checksum:0440fce9df03829c95cf3be194ee4bb7a2cd66d1e41bf3e085e9fa0b0a59a48e
+1.16.5 |checksum:c5db83c23014bf0cd4d50d1aa34b80f35ae918773efd54f3ed0ec0d48b5d0ab5
+1.16.6 |checksum:00491401c2514c2e3222e16dd4188164b8adab690d70d333f48037113a9b2bdd
+1.16.7 |checksum:68d83712ba117bca95be8ab14f52e7fb8ee8d1b395f6d41b96858e54cc850a23
+1.17.0 |checksum:dc1b1025ddc0a1192b90cbd2cf0561a56e7b373fe8892cee2a9fae3e92a7514c
+1.17.1 |checksum:b895009b4cb42bb9e3d40736497fb12a0b7fceb77ba7d50674cd57570f9112de
+1.18.0 |checksum:5e90b27103e569fcbf51f3cdf8f783965dfb9d341d565daf2a1a3cb8268d2356
+1.18.1 |checksum:9f415f6d50f9546cdd3af6618fdf8af18593a2067c8743712809f8db08773790
+1.18.2 |checksum:6485282b6fbcdd957f61f576b0a8f8640c1711272449b5f4c9d22d7938b1566c
+2.0.0 |checksum:cd63398f7911a10a6434db4a3c3ca7ade42a56672b52a08661bd7d60aedad4d6
+2.0.1 |checksum:055cc3c936cf80dad7916fd71c301107e8e827ad643bce55b99be5b76253fbd2
+2.0.2 |checksum:8c38f1a9ee8b50523e1c128556f06b5d56903e8f988de41e21d79191b61252a1
+2.0.3 |checksum:4225032179f9a5d291bf68ba5dd132516995fe5c981f2f22e99d21abf0f60073
+2.1.0 |checksum:c6d13fa74c732e80fff1d60fd2364c49672e18522641a5901d9c371d3a3f3d19
+2.2.0 |checksum:12e9634d5cc66b5d11b29cfaa1e14e6680189f0efa91765aa697de897c35e56e
+2.2.1 |checksum:e635f1f5df013e707620f14320b661c58329ac0291d1ed73a60830c8e959a65b
+2.3.0 |checksum:337c2d5ac5d75ab2fb195cbb511eb85ce46aea13ceeb48ddf9d128e064caeec1
+2.4.0 |checksum:372f01bae60b54bac1b8d9c662b9543f1ef8c824aeedd326f348b93586e919d9
+2.5.0 |checksum:800256afebf5ff30155fb747d226309b94a6e47542fe3fdc62bc137d32837af2
+2.5.1 |checksum:6121d3ae1bcffc426db7264bda9ca721270850c125761170ec0764a50eca64db
+2.5.2 |checksum:03287169773dcae6aa5b26a45ddd8625b1cef1bac29a9abd26bb1b6367b04ab2
+2.5.3 |checksum:b71fbdb1aa965e10d5214e05a44a648ca84d8b076486cd02ed641baed7bebdfd
+2.6.0 |checksum:81476b12128f06aa5a9a78e5be90af731fab13d6b3b4dcd0edfe74e029cb0a34
+2.6.1 |checksum:10751d1f07fec340e0b96ae5f5277741a24fc50471df3912a6939241548eb385
+2.6.2 |checksum:c327c2edcf64b6102ce8b2cb407db267a78691095368bfe1a074dc72799407ea
+2.6.3 |checksum:0a9b5451d6633acac04ec486dbd76beaaf41c76eb5b992080efba7d718457d74
+2.6.4 |checksum:5c2d3664ecfdb721593d932a240aa8f08290a9776f0faaa2ef69db578986b85c
+2.6.5 |checksum:54a8b0a58ed5c1a43fb1103b3aadf090dd3bc5c634c826fc8f1f84f23417a894
+2.6.6 |checksum:bfc547afddae7015c9ffb45317008eea13d0c75e7619ef1c2fb6f2267c7f6955
+2.6.7 |checksum:4372be0107380115c554353989509368037877463c4ce48a45ef65f5f54d5979
+2.7.0 |checksum:c2a976ebca859d1f33730a9c12a30a09b197b6c65cad77dbede1c9278ba4ee62
+2.7.1 |checksum:f7cc42c99d39ffb0aa4c3d8dcaaf018ec530a4745a0fde94bbe5e552d748e1fa
+2.8.0 |checksum:a018aa38c521d364f8005942473ad09d016b1f2440d27a9a456e1d5d7cd33ee3
+2.8.1 |checksum:b75f53d00ece2cb0861ab37e856fe442e4eb863573d28c18a7571b387d065124
+2.8.2 |checksum:172e9ac3c985480b2fb5a339d9c622b7febbe0e98127c17c50a65b589656e1b8
+3.0.0 |checksum:15e2b605caeff353daa889ac9502a6192020ffa6efdb5b678d7542a1adc999ad
+3.0.1 |checksum:01a209688867b7def8dcd6e72337b064b781979521006792f994497071732c4b
+3.0.2 |checksum:1592b5d2b63b8d31f4a9b52c0a154128e272b06451536b8149a51f6830e85555
+3.0.3 |checksum:755e25a6abb29385fb689046163c7fb5ec262ac73581a87d1f7818ca640691b2
+3.1.0 |checksum:35bc46596855424f6f78de9ca822caf237e86bca45ea6768a3e9930488c0809c
+3.1.1 |checksum:8c8ed3c96be0edf793e787d8e042c3f66125415c36dc443fdeed52982c2e8451
+3.2.0 |checksum:aaf14d3aff47b95d2b6cd65f94c2b75fd2828262e470608458785de6628046e3
+3.3.0 |checksum:2ca3a4fa61dbc696d7e767a1bc29413cdd23446c0028c0d745f0929318caeb82
+3.3.1 |checksum:30165d19c58ff401ed2c8209a1fac77fdefce7c27467fb0e05ff624e15f42c4b
+3.3.2 |checksum:17874ba25c89bc7ebe055a05199cf029452fd94678d511963570a72b69e1ba22
+3.3.3 |checksum:5ef7b7ea4bdc1713fa8cd8340a938b5a2ec0a6861a1c12aa7a67533e10513478
+3.3.4 |checksum:5e51396f3fc42e188efeafeefb94b4fca668002651aefc078c6183950d17b43d
+3.3.5 |checksum:0d290fad60819d0963f76e933fba3b2bfc7afe62cf2e93b749d0e2463d82c7bb
+3.4.0 |checksum:e6480e835fce5c7f250e40d2d15c506aea15a92c1c8744188aef7cfa6a1e6516
+3.4.1 |checksum:bc67d8e8743c8353d26a7fc2acc1e354621356be40c00e5063d0742266010989
+3.5.0 |checksum:27a7d32974715014dc77366581f609cb17c1f3cdfad12019e97f99f584299a40
+3.6.0 |checksum:05bfcca180a4fdc604527b112e0bee299d34a1a0b21bd614110157472ab036de
+3.6.1 |checksum:78a1f4b758d8012ed050c4586db94133baa2b9a526059311b4764af8ebff4ea0
+3.6.2 |checksum:292598fddca7834692a95bbfb263520125c6c7b0f3e5ec84f8f131e41645faf4
+3.6.3 |checksum:6b23ee9de796f8a7d87f98fb60d19cd47ca3ac4a3fab017d69349ee61cdd3578
+3.6.4 |checksum:4cf3afed5e5df3c6e233f99d2fd9dc01a228d8fd1c8a18e230b36c121e415174
+3.6.5 |checksum:f4a7c4c539b3f53056b52eec2eb40078983bec57b4e218cd6e44d223d3d88a5e
+3.6.6 |checksum:e0ce60155bbf58a2a5b73214aeac83a3b4acb99fc2823af82a05482e2b43dfdc
+3.6.7 |checksum:2cbf3154f5392c3ae7278989094c2e9d68453bfb6079d36e74affa49a09c1255
+3.6.8 |checksum:b3a81049fb3026b49302b6badedad33c710b302b8a7229d6b168c9530fc78ffd
+3.7.0 |checksum:1458571360a5ee2990f1a96cd26c8d6ce516b75c7c82c513978bda9f52c28ae2
+3.8.0 |checksum:f5b6109367910c280c33223f8882d175ccbb829b25e5909b974557693ef8ec9e
+3.9.0 |checksum:9ff67070f90c90d00b6e168de0a934376dd33f904a7c617c9691e169ac404b39
+3.9.1 |checksum:8f4c5b56406ce8b4affb20c18c254fbd665b7235f5eb0931bed72f18450bb84f
+3.10.0 |checksum:ee4b778358385df3511f0d25990c9498aa1d187da3251570c3de186fb1da22b6
+3.10.1 |checksum:81a6e55324a8eba8fab7c3594fc2cc929b73ab44521c8b50b86a3c4a688c3d24
+3.10.2 |checksum:e07b02390ec37454d62e50a484ab642b74be2e9c6ced69db7701ee6562746c9e
+3.10.3 |checksum:c027ad53e842fecf8334c6fba40886c3dd0465bcd94a908c262964378798faa9
+3.11.0 |checksum:df779df58c5cb157e69c504a046a8012503176349760d84d519b02f5b1605856
+3.11.1 |checksum:0bbef931c9aab634d52466be66f85c5725e680e9f6895d9ce86112c53d10b14d
+3.11.2 |checksum:bf3149d99fca0d7ca729fa49caa6e3fd6439a8b543caa0621088c2f07546856b
+3.11.3 |checksum:57b04d4e2806c199bff3663d810db25e019cf88c42cacc0edbb36d3038d6a5ab
+3.11.4 |checksum:0ff9c1601e381e51f93fca3b9931b5e0de4ff0f359da536603fa40c1799750c3
+3.12.0 |checksum:8457b24f51c377cd315a5c397b38a45cdc4f82be597dcd843625ce4968b2462d
+3.13.0 |checksum:31372dff80d100d95900de82fcb7209ca7c44d458d93c76b610ac14d13e29cfc
+3.14.0 |checksum:d6d949ff429354faa55e244b6ad792a3f80946699d443e08b07325b380bb459e
+3.15.0 |checksum:c23ad4b8b3637992f34c41256b46d49dc49a3725f1df78de42469deb43749f31
+3.16.0 |checksum:73b54cc84bd75cac9ee13fc4961cde52db713c4eefa59c7dfde115a2e0416bcc
+3.16.1 |checksum:4543f393f88309ff8c07b39f72471fa52adfef2d6945acc990749ea378a1e36a
+3.17.0 |checksum:bb18a4c7a2a13828d18e348ea81183554adcaac4fc9db0ecd1f3d1dfbd7fdc8f
+3.17.1 |checksum:7098791fa6d51aacab12fd3cf5b128e4ef6404a6a58c8bbd1e7ed70b7249c61b
+3.17.2 |checksum:3e821397a68eadb9ce78dc934d130eb3fac7bf1ef6aae5c8e7683e385a46e565
+3.18.0 |checksum:646a19506108be3c247252ce85ffd55212c1ae6cfa0403d0ebfb5c477683e72d
+3.18.1 |checksum:4c7f64f6193815ca0662399b563e369667f788cb0b8e324d7dd2ff83a1e64f61

common/lib/dependabot/pull_request_creator/labeler.rb

@@ -89,21 +89,9 @@ def automerge_candidate?
         @automerge_candidate
       end
 
-      # rubocop:disable Metrics/PerceivedComplexity
       def update_type
         return unless dependencies.any?(&:previous_version)
 
-        precision = dependencies.map do |dep|
-          new_version_parts = version(dep).split(".")
-          old_version_parts = previous_version(dep)&.split(".") || []
-          all_parts = new_version_parts.first(3) + old_version_parts.first(3)
-          next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
-          next 1 if new_version_parts[0] != old_version_parts[0]
-          next 2 if new_version_parts[1] != old_version_parts[1]
-
-          3
-        end.min
-
         case precision
         when 0 then "non-semver"
         when 1 then "major"
@@ -112,7 +100,18 @@ def update_type
         end
       end
 
-      # rubocop:enable Metrics/PerceivedComplexity
+      def precision
+        dependencies.map do |dep|
+          new_version_parts = version(dep).split(/[.+]/)
+          old_version_parts = previous_version(dep)&.split(/[.+]/) || []
+          all_parts = new_version_parts.first(3) + old_version_parts.first(3)
+          next 0 unless all_parts.all? { |part| part.to_i.to_s == part }
+          next 1 if new_version_parts[0] != old_version_parts[0]
+          next 2 if new_version_parts[1] != old_version_parts[1]
+
+          3
+        end.min
+      end
 
       def version(dep)
         return dep.version if version_class.correct?(dep.version)

common/spec/dependabot/pull_request_creator/labeler_spec.rb

@@ -533,16 +533,59 @@
             end
           end
 
+          context "for a patch release with build identifier" do
+            let(:version) { "1.4.1+10" }
+            it { is_expected.to include("patch") }
+
+            context "when the tags are for an auto-releasing tool" do
+              let(:labels_fixture_name) { "labels_with_semver_tags_auto.json" }
+              it { is_expected.to_not include("patch") }
+            end
+          end
+
+          context "for a patch release when both have build identifers" do
+            let(:previous_version) { "1.4.0+10" }
+            let(:version) { "1.4.1+9" }
+            it { is_expected.to include("patch") }
+
+            context "when the tags are for an auto-releasing tool" do
+              let(:labels_fixture_name) { "labels_with_semver_tags_auto.json" }
+              it { is_expected.to_not include("patch") }
+            end
+          end
+
           context "for a minor release" do
             let(:version) { "1.5.1" }
             it { is_expected.to include("minor") }
           end
 
+          context "for a minor release with build idenfitier" do
+            let(:version) { "1.5.1+1" }
+            it { is_expected.to include("minor") }
+          end
+
+          context "for a minor release when both have build identifiers" do
+            let(:previous_version) { "1.4.0+10" }
+            let(:version) { "1.5.1+1" }
+            it { is_expected.to include("minor") }
+          end
+
           context "for a major release" do
             let(:version) { "2.5.1" }
             it { is_expected.to include("major") }
           end
 
+          context "for a major release with build identifier" do
+            let(:version) { "2.5.1+100" }
+            it { is_expected.to include("major") }
+          end
+
+          context "for a major release when both have build identifiers" do
+            let(:previous_version) { "1.4.0+10" }
+            let(:version) { "2.5.1+100" }
+            it { is_expected.to include("major") }
+          end
+
           context "for a non-semver release" do
             let(:version) { "random" }
             it { is_expected.to eq(["dependencies"]) }

maven/lib/dependabot/maven.rb

@@ -22,7 +22,7 @@
   register_display_name_builder(
     "maven",
     lambda { |name|
-      artifact_id = name.split(":").last
+      _group_id, artifact_id, _classifier = name.split(":")
       %w(bom library).include?(artifact_id) ? name : artifact_id
     }
   )

maven/lib/dependabot/maven/file_parser.rb

@@ -104,7 +104,7 @@ def dependency_name(dependency_node, pom)
         return unless dependency_node.at_xpath("./groupId")
         return unless dependency_node.at_xpath("./artifactId")
 
-        [
+        name = [
           evaluated_value(
             dependency_node.at_xpath("./groupId").content.strip,
             pom
@@ -114,6 +114,15 @@ def dependency_name(dependency_node, pom)
             pom
           )
         ].join(":")
+
+        if dependency_node.at_xpath("./classifier")
+          name += ":#{evaluated_value(
+            dependency_node.at_xpath('./classifier').content.strip,
+            pom
+          )}"
+        end
+
+        name
       end
 
       def plugin_name(dependency_node, pom)
@@ -185,7 +194,6 @@ def version_property_name(dependency_node)
         return unless dependency_node.at_xpath("./version")
 
         version_content = dependency_node.at_xpath("./version").content.strip
-
         return unless version_content.match?(PROPERTY_REGEX)
 
         version_content.

maven/lib/dependabot/maven/file_updater/declaration_finder.rb

@@ -57,6 +57,11 @@ def fetch_pom_declaration_strings
               evaluated_value(node.at_xpath("./*/artifactId").content.strip)
             ].compact.join(":")
 
+            if node.at_xpath("./*/classifier")
+              node_name += ":#{evaluated_value(node.at_xpath('./*/classifier').
+                content.strip)}"
+            end
+
             next false unless node_name == dependency_name
             next false unless packaging_type_matches?(node)
             next false unless scope_matches?(node)